package org.kl.bf.web.account;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.kl.bf.utils.BasicConstants;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

/**
 * LoginController负责打开登录页面(GET请求)和登录出错页面(POST请求)，
 * 
 * 真正登录的POST请求由Filter完成,
 * 
 * @author calvin
 */
@Controller
@RequestMapping(value = "/login")
public class LoginController {

	@RequestMapping(method = RequestMethod.GET)
	public String login(HttpServletRequest req, HttpSession session, Model model) {
		String loginPage = (String) session.getServletContext().getAttribute(BasicConstants.CONFIG_LOGINPAGE);
		if (StringUtils.isBlank(loginPage)) {
			loginPage = "login";
		}
		if (SecurityUtils.getSubject().getSession() != null) {
			SecurityUtils.getSubject().logout();
		}
		String forceLogout = req.getParameter("forceLogout");
		if (StringUtils.equals(forceLogout, "1")) {
			model.addAttribute("forceLogout", 2);
			return "account/jumpTop";
		}
		if (StringUtils.equals(forceLogout, "2")) {
			model.addAttribute("forceLogout", true);
			model.addAttribute("error", "您已被强制退出");
		}
		String login = req.getParameter("login");
		if (StringUtils.equals(login, "1")) {
			model.addAttribute("login", 1);
		}
		return "account/" + loginPage;
	}

	/**
	 * 不支持网页
	 */
	@RequestMapping(value = "noSupport", method = RequestMethod.GET)
	public String noSupport() {
		return "account/noSupport";
	}

	@RequestMapping(value = "quiz", method = RequestMethod.GET)
	public String quiz(HttpServletRequest req, HttpSession session, Model model) {
		String loginPage = (String) session.getServletContext().getAttribute(BasicConstants.CONFIG_LOGINPAGE);
		if (StringUtils.isBlank(loginPage)) {
			loginPage = "quiz";
		}
		if (SecurityUtils.getSubject().getSession() != null) {
			SecurityUtils.getSubject().logout();
		}
		String forceLogout = req.getParameter("forceLogout");
		if (StringUtils.equals(forceLogout, "1")) {
			model.addAttribute("forceLogout", 2);
			return "account/jumpTop";
		}
		if (StringUtils.equals(forceLogout, "2")) {
			model.addAttribute("forceLogout", true);
			model.addAttribute("error", "您已被强制退出");
		}
		return "account/" + loginPage;
	}

	/**
	 * 登录成功后，按倒退，继续登录，这时永远在login.jsp里跳转，原因是subject.isAuthenticated()是true，
	 * 在AccessControlFilter的onPreHandle方法里不会触发onAccessDenied(request, response,
	 * mappedValue)，然后就进入了LoginController的
	 * fail(@RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM)
	 * String userName, Model model) 永远在login.jsp了
	 * 
	 * @param userName
	 * @param model
	 * @return
	 */
	@RequestMapping(method = RequestMethod.POST)
	public String fail(@RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM) String userName, HttpServletRequest req,
			HttpSession session, Model model) {
		String loginPage = (String) session.getServletContext().getAttribute(BasicConstants.CONFIG_LOGINPAGE);
		if (StringUtils.isBlank(loginPage)) {
			loginPage = "login";
		}
		String exceptionClassName = (String) req.getAttribute("shiroLoginFailure");
		String error = null;
		if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
			error = "用户名/密码错误";
		} else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
			error = "用户名/密码错误";
		} else if (AuthenticationException.class.getName().equals(exceptionClassName)) {
			error = "用户名/密码错误";
		} else if (exceptionClassName != null) {
			error = "其他错误：" + exceptionClassName;
		}
		model.addAttribute("error", error);
		model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, userName);
		if (SecurityUtils.getSubject().isAuthenticated()) {// 防止重复登录后循环在登录界面
			return "redirect:/";
		}
		return "account/" + loginPage;
	}

}
